- 06 Jan, 2020 6 commits
-
-
Committed by Matt Caswell
Use of the low level AES functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10580)
-
Committed by Matt Caswell
We should not be using the low level AES APIs in CMS. Instead we should be using EVP. There was a small amount of use of the low level key wrap APIs - so we convert that to EVP. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10580)
-
Committed by Matt Caswell
The HMAC_CTX structure stores the original key in case the ctx is reused without changing the key. However, HMAC_Init_ex() checks its parameters such that the only code path where the stored key is ever used is in the case where HMAC_Init_ex is called with a NULL key and an explicit md is provided which is the same as the md that was provided previously. But in that case we can actually reuse the pre-digested key that we calculated last time, so we can refactor the code not to use the stored key at all. With that refactor done it is no longer necessary to store the key in the ctx at all. This means that long running ctx's will not keep the key in memory for any longer than required. Note though that the digested key *is* still kept in memory for the duration of the life of the ctx. Fixes #10743 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10747)
-
Committed by Richard Levitte
For the implementation of EVP_PKEY_CTX_new(), we determined if an EVP_PKEY was legacy or not by looking at 'pkey->pkey.ptr'. It turns out that this code could get an unassigned EVP_PKEY, with that pointer being NULL, and the determination proven incorrect. The check now looks at 'pkey->ameth' instead. Fixes #10704 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10758)
-
Committed by Rich Salz
Also clarify the description of the options. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10259)
-
Committed by Shane Lontis
Also Add ability for providers to dynamically exclude cipher algorithms. Cipher algorithms are only returned from providers if their capable() method is either NULL, or the method returns 1. This is mainly required for ciphers that only have hardware implementations. If there is no hardware support, then the algorithm needs to be not available. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10146)
-
- 05 Jan, 2020 13 commits
-
-
Committed by Andrew Hoang
ECDSA_do_verify() is a function that verifies an ECDSA signature given a hash and a public EC key. The function is supposed to return 1 on valid signature, 0 on invalid signature and -1 on error. Previously, we returned 0 if the key did not have a verify_sig method. This is actually an error case and not an invalid signature. Consequently, this patch updates the return code to -1. Fixes #8766 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10693)
-
Committed by fangming.fang
This came from f3fdfbf7. run = 1 should be done in pkey_print_message as well, otherwise other tests printed with pkey_print_message won't run. Change-Id: I0ba0b05256ad6509ada4735b26d10f8a73fd89ec Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10710)
-
Committed by Fangming.Fang
This change addresses a potential side-channel vulnerability in the internals of nistz256 low level operations for armv8. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9239)
-
Committed by Bernd Edlinger
This is only used if configured with ./config -DECP_NISTZ256_REFERENCE_IMPLEMENTATION Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9239)
-
Committed by Bernd Edlinger
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9239)
-
Committed by Bernd Edlinger
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9239)
-
Committed by Bernd Edlinger
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9239)
-
Committed by David Benjamin
Cherry picked from https://github.com/google/boringssl/commit/12d9ed670da3edd64ce8175cfe0e091982989c18 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9239)
-
Committed by Nicola Tuveri
This commit addresses a potential side-channel vulnerability in the internals of some elliptic curve low level operations. The side-channel leakage appears to be tiny, so the severity of this issue is rather low. The issue was reported by David Schrammel and Samuel Weiser. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9239)
-
Committed by Pauli
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10748)
-
Committed by Pauli
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10748)
-
Committed by Pauli
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10748)
-
Committed by Pauli
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10748)
-
- 02 Jan, 2020 3 commits
-
-
Committed by Ibrahim M. Ghazal
Fixes #8194 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10130)
-
Committed by Matt Caswell
The New Year has caused various files to appear out of date to "make update". This causes Travis to fail. Therefore we update those files. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10738)
-
Committed by dcruette
Fix double + in hkdflabel declaration (FIXES #10675) CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10700)
-
- 28 Dec, 2019 2 commits
-
-
Committed by Matt Caswell
The explicit enable-asan build fails in the memleak test for unknown reasons. Therefore we disable it temporarily to get a green Travis. Other builds that use -fsanitize=address in Travis seem to pass. [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10689)
-
Committed by Matt Caswell
The pyca-cryptography external test has been failing for a long time. It looks like upstream needs to make some changes to adapt to 3.0. [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10689)
-
- 26 Dec, 2019 6 commits
-
-
Committed by Matt Caswell
test_conf was failing in travis for mingw builds. We run these on linux via wine. However due to line break differences the tests were failing. We just skip these in a cross compiled build. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10689)
-
Committed by Bernd Edlinger
The timer alarm sets run = 0, while the benchmark does run = 1 in the initialization code. That is a race condition, if the timer goes off too early the benchmark runs forever. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10680)
-
Committed by Richard Levitte
Remove them using "del", not "rmdir" Fixes #10553 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10555)
-
Committed by Richard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10683)
-
Committed by Richard Levitte
It may be that some "missing" manuals have been written since their insertion in the "missing" files. Make sure to alert when such manual references are found. This works, because we collect all existing manual references into %name_map first. Fixes #10681 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10683)
-
Committed by Benjamin Kaduk
Bring us up to date with upstream's 1.17.1 release. Among other things, it includes commit c2497d46b4bad473e164943d67b58cd1ae261c3a which fixes several issues that affect running the test suite under Travis CI. Hopefully those will work transitively for us as well. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10690)
-
- 24 Dec, 2019 4 commits
-
-
Committed by Bernd Edlinger
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10679)
-
Committed by Bernd Edlinger
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10678)
-
Committed by Bernd Edlinger
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10677)
-
Committed by Bernd Edlinger
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10676)
-
- 23 Dec, 2019 5 commits
-
-
Committed by Bernd Edlinger
We store a secondary frame pointer info for the debugger in the red zone. This fixes a crash in the unwinder when this function is interrupted. Additionally the missing cfi function annotation is added to aesni_cbc_sha256_enc_shaext. [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10674)
-
Committed by Bernd Edlinger
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10672)
-
Committed by Matt Caswell
Add a guard in a build.info file for no-dsa builds Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10644)
-
Committed by Matt Caswell
The new serializer code broke no-dh builds so we add some more guards to fix it. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10644)
-
Committed by Matt Caswell
The new DH test in evp_extra_test.c broke the no-dh build so we add some guards to fix it. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10644)
-
- 22 Dec, 2019 1 commit
-
-
Committed by Shane Lontis
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10640)
-